diff options
author | Anna Henningsen <anna@addaleax.net> | 2019-08-12 23:36:00 +0200 |
---|---|---|
committer | Michaƫl Zasso <targos@protonmail.com> | 2019-08-15 09:51:53 +0200 |
commit | ec60b625b66288cb63d63a51b115661a8503e19e (patch) | |
tree | 1b7871cc36d0f3b4d85b2ab48a49ddb30aef7192 /src/node_revert.h | |
parent | 8a4a1931b8b98242abb590936c31f0c20dd2e08f (diff) | |
download | android-node-v8-ec60b625b66288cb63d63a51b115661a8503e19e.tar.gz android-node-v8-ec60b625b66288cb63d63a51b115661a8503e19e.tar.bz2 android-node-v8-ec60b625b66288cb63d63a51b115661a8503e19e.zip |
http2: allow security revert for Ping/Settings Flood
nghttp2 has updated its limit for outstanding Ping/Settings ACKs
to 1000. This commit allows reverting to the old default of 10000.
The associated CVEs are CVE-2019-9512/CVE-2019-9515.
PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'src/node_revert.h')
-rw-r--r-- | src/node_revert.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/node_revert.h b/src/node_revert.h index 33b30a0dfe..66161c9c9b 100644 --- a/src/node_revert.h +++ b/src/node_revert.h @@ -16,6 +16,7 @@ namespace node { #define SECURITY_REVERSIONS(XX) \ + XX(CVE_2019_9512, "CVE-2019-9512", "HTTP/2 Ping/Settings Flood") \ XX(CVE_2019_9514, "CVE-2019-9514", "HTTP/2 Reset Flood") \ XX(CVE_2019_9516, "CVE-2019-9516", "HTTP/2 0-Length Headers Leak") \ XX(CVE_2019_9518, "CVE-2019-9518", "HTTP/2 Empty DATA Frame Flooding") \ |